Re: Some scripts for analyzing NetBus

[Ron <ron () skullsecurity net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patience! It'll happen in good time. 

Also, it's SVN, not CVS :)

On Wed, 8 Dec 2010 12:00:46 +0200 Toni Ruottu <toni.ruottu () iki fi> wrote:
> Could someone review the NetBus scripts and/or include them in the
> CVS?
>
> On Fri, Dec 3, 2010 at 8:37 PM, Toni Ruottu <toni.ruottu () iki fi>
> wrote:
> > hello again,
> >
> > I realized not everyone have a NetBus setup up and running, so I
> > decided to provide some links to NetBus packages available on the
> > Internet. The below links are for NetBus 1.6 and 1.7. There is also
> > a link for honeypot application NetBuster. I used these packages in
> > my tests and they seemed to work well. The NetBus packages contain
> > both a client and a server. The server is usually called patch.exe.
> > Additionally they may contain a tool for editing the server. The
> > NetBuster package contains a server with graphical configuration
> > user interface.
> >
> > http://members.fortunecity.com/cambada/nb16.zip
> > http://personal.inet.fi/koti/jaakko.linna/NetBus170.zip
> > http://personal.inet.fi/koti/jaakko.linna/netbuster1_31.zip
> >
> > NetBus and NetBuster are Windows applications. I run the apps on
> > Ubuntu using Wine and they worked surprisingly well. Just make sure
> > you always reset the environment properly between running two
> > different versions (kill all processes, wait for port bind to time
> > out, and possibly delete wine configuration). Note that NetBus is
> > hackish and might have hidden tricks. You might want to run the
> > services under a virtual machine rather than on a system you use
> > daily. In any case the NetBus services are not very secure, and
> > someone could hack into your box through the service unless you are
> > behind a firewall.
> >
> >  happy hacking, --Toni
> >
> > On Thu, Dec 2, 2010 at 10:37 AM, Toni Ruottu <toni.ruottu () iki fi>
> > wrote:
> > > hello,
> > >
> > > Just finished writing a set of scripts that analyse NetBus-services
> > > (see attachments). I have defined total ordering for execution
> > > through dependencies, as the scripts interfere with each other.
> > > Namely, sending broken authentication credentials prevent access
> > > from everyone, and not only the failing client. The scripts do not
> > > cover NetBus2 as it seems quite different from the earlier
> > > versions, also I could not find really old versions of NetBus for
> > > testing. I have done some tests with NetBus versions 1.6 and 1.7,
> > > as well as NetBuster version 1.31. The scripts should work with
> > > the current nmap cvs, but do not work with latest release.
> > >
> > > The included scripts are (in order of execution):
> > > netbus-version - detects NetBuster, a honeypot service that mimes
> > > NetBus netbus-brute - tries to retrieve NetBus password by guessing
> > > netbus-info - opens a connection to a NetBus server and extracts
> > > information netbus-auth-bypass - checks if a NetBus server is
> > > vulnerable to authentication bypass
> > >
> > >  cheers, --Toni
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAkz/igoACgkQ2t2zxlt4g/RBBQCfd9+3/BndkedgTLrybbKeakay
AXwAnjYwdydEO+XRRvegaWtOtZd66iSI
=2BY9
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/